(54) Method and apparatus for authenticating electronic documents

(57) The present invention consists of a method and apparatus for authenticating an electronic document. In one embodiment of the invention, a party wishing to digitally sign an electronic document (the "client") stores the unsigned electronic document, and the client's public and private keys, on transportable storage media such as a floppy disk. The client conveys the storage media to an authorized electronic document authenticator. An authorized electronic document authenticator is an individual or enterprise that has access to the apparatus of the present invention or that has been authorized to use the method of the present invention. The client presents identity documents to the authenticator to verify the client's identity. The client digitally signs the electronic document in the presence of the authenticator. The authenticator verifies the digital signature using the public key provided by the client. Having witnessed the client digitally signing the electronic document using the client's private key, having verified that the public key supplied to the authenticator by the client corresponds to the private key used by the client to produce the digital signature, and having verified the identity of the client using the identification documents provided by the client and/or biometric measurements taken of the client, the authenticator appends an "authenticator identification envelope" containing a certification to that effect to the electronic document. In one embodiment of the invention, the authenticator identification envelope includes digitally recorded biometric data obtained from the client. The authenticator digitally signs the resulting electronic document, creating an authenticated electronic document. The authenticator transfers the completed, authenticated electronic document onto transportable storage media and returns it to the client.

Description

BACKGROUND OF THE INVENTION 

1. FIELD OF THE INVENTION 

The present invention relates to the field of elec- 
tronic commerce, and more particularly to a method and 
apparatus for authenticating electronic documents. 

2. BACKGROUND ART 

Well established mechanisms exist for creating 
legally binding written instruments. One such mecha- 
nism is the application of a handwritten signature to a 
written document. For certain transactions, authentica- 
tion of a handwritten signature, for example by a 
licensed public official such as a notary, is required. 
Authentication of a signature by a notary requires a per- 
sonal appearance before the notary. The notary person- 
ally witnesses the execution of the signature, inspects 
identity documents to verify the identity of the person 
executing the signature, and affixes a notary statement 
and seal to the signed document. Notarization of a sig- 
nature provides a level of assurance that the written 
instrument was in fact executed by the person identified by 
the signature, and prevents repudiation of the signed 
instrument by the signer. 

Electronic, computer based methods of doing busi- 
ness are increasingly displacing traditional paper based 
methods. Electronic communications and electronic 
documents are replacing written contracts, orders, pay- 
ment instruments, account statements, invoices, and 
other paper documents. 

Unlike their paper counterparts, electronic docu- 
ments do not exist in physical form. Instead, they con- 
sist of sets of digital data that may be stored on various 
types of digital storage media ranging from volatile inter- 
nal RAM memory to non-volatile ROM memory to mag- 
netic and/or optical disk storage media, and that may be 
transmitted over various computer communications 
links including local and wide area networks, and the 
Internet. Because electronic documents do not have a 
physical form, the mechanisms devised to create legally 
binding paper instruments, such as affixing a notarized 
signature, cannot be used for electronic documents. 
Accordingly, a need has arisen for alternative mecha- 
nisms for creating and authenticating legally binding 
electronic documents and communications. Digital 
encryption, digital message digests, digital signatures, 
and digital certificates are some of the existing crypto- 
graphic tools that are used in the present invention to 
address this need. 

Two well known types of cryptography are secret 
key cryptography and public key cryptography. 

Secret key cryptography is a symmetric form of cryptography in which a single key is used to encrypt and decrypt an electronic document. To encrypt an electronic document, the electronic document and the secret key are supplied to a hardware device or a software encryption program that transforms the electronic document into an encrypted electronic document by means of an encryption process that uses the secret key and the electronic document as an input. The original electronic document can only be obtained from the encrypted electronic document by applying a reverse decryption process using the same secret key. Because the same secret key is used for encryption and decryption, both the sender and the recipient of the encrypted electronic document must have a copy of the secret key. The security of secret key cryptography can therefore be compromised by either the sender or the recipient.

Public key cryptography is an asymmetric form of 
cryptography that uses a two-key pair, typically referred 
to as a public key and a private key. These two keys are 
different but constitute a matched key pair. In public key 
encryption, electronic documents encrypted with either 
the public or private key of a public-private key pair can 
only be decrypted using the other key of the key pair. 
For example, an electronic document encrypted with a 
public key can only be decrypted using the correspond- 
ing private key. Conversely, an electronic document 
encrypted with a private key can only be decrypted 
using the corresponding public key. 

The terms "public" key and "private" key stem from 
a manner in which public key cryptography is often 
used. A party A, concerned about privacy of its incom- 
ing communications generates a public-private key pair, 
using cryptographic hardware and/or software. Party A 
keeps its private key secret, but freely distributes its 
public key. Party B wishing to send a confidential elec- 
tronic document to party A, can encrypt its electronic 
document using party A's freely available public key. 
Since the electronic document can then only be 
decrypted using the corresponding private key, party B 
can be assured that only party A, in possession of the 
private key, will be able to decode the encrypted elec- 
tronic document. 

A number of uncertainties arise with respect to the 
use of public key cryptography. One uncertainty relates 
to the identity of the owner of the private key that corre- 
sponds to the public key. It is possible, for example, that 
a public key may be circulated that fraudulently purports 
to be the public key of party A, but the corresponding 
private key of which is actually held by party C. A sender 
who encrypts a confidential communication to party A, 
using the public key the sender believes belongs to 
party A, will instead be creating a confidential communi- 
cation that can be decrypted and read only by party C. 

A second uncertainty, from the perspective of the 
recipient, relates to the identity of the sender of an 
encrypted communication. Since the recipient's public 
key is freely distributed, encryption of a communication 
with the recipient's correct public key does not provide 
any information concerning the sender, other than that 
the sender is someone who has access to the recipi- 
ent's public key. As public keys are often freely available 
from public key repositories, the sender could be any- 
one. 

A third uncertainty concerns the integrity of the 
communication - that is, there is an uncertainty as to 
whether the communication received by the recipient is 
the actual communication sent by the sender. For exam- 
ple, the communication may have been intercepted, 
modified, or replaced. 

Digital signatures and digital certificates have been 
devised to address some of the uncertainties inherent in 
public key cryptography. 

One of the purposes of a digital signature is to link 
an electronic document with an owner of the private key 
corresponding to a particular public key. Additionally, a 
digital signature can be used to determine whether an 
electronic document has been altered during transmis- 
sion of the document from the sender to the recipient. 

One form of digital signature uses a message 
digest. A message digest is a value that is generated 
when an electronic document is passed through a one 
way encryption process ("digesting process") such as a 
hashing routine. An ideal digesting process is one for 
which the probability that two different electronic docu- 
ments will generate the same message digest is near 
zero. In this form of digital signature, both the sender 
and the recipient need to know which digesting process 
is being used. The sender generates the electronic doc- 
ument, and generates a message digest by passing the 
electronic document through the digesting process. The 
sender encrypts the resulting message digest with the 
sender's private key. The result, the encrypted message 
digest, then becomes the digital signature of the elec- 
tronic document. The digital signature may be 
appended to the electronic document or kept as a sep- 
arate entity. 

The recipient obtains the electronic document and 
the digital signature of the sender. The recipient 
decrypts the digital signature using what the recipient 
believes to be the sender's public key, obtaining the 
decrypted message digest X. The recipient processes 
the received electronic document using the digesting 
process, obtaining message digest Y. The recipient then 
compares message digest Y to message digest X. If X 
= Y, the message digests are the same. This verifies 
that the electronic document was (1) digitally signed by 
the private key corresponding to the public key used to 
recover message digest X, and (2) that the electronic 
document content was not changed from the time that it 
was signed to the time that the digital signature was ver- 
ified. However, the uncertainty remains as to whether 
the public key used by the recipient to decrypt the digital 
signature, which the recipient believes is the public key 
of the sender, is in fact the sender's public key. 
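The signing and verification steps just described, worked through in Go as an added example (this code is not part of the patent and does not come from ViaCrypt or PGP): SHA-256 is assumed as the digesting process and RSA PKCS#1 v1.5 as the operation the text calls encrypting the digest with the private key; the sample contract text and the names `signDocument`, `recoverDigestX`, `verifyDocument` and `runScenario` are the example's own. It recovers message digest X from the signature with the public key, recomputes Y from the received document, and exercises all three outcomes the text distinguishes: a genuine signature, a document altered after signing, and a signature checked against a public key that is not the signer's (the party C case).

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// signDocument follows the description: digest the document with a fixed
// digesting process (SHA-256) and "encrypt" the digest with the private key.
// RSA PKCS#1 v1.5 signing is that operation with the digest wrapped in standard
// padding so the verifier can recover it.
func signDocument(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// recoverDigestX is the recipient's first step taken literally: apply the public
// key to the signature (modular exponentiation with e) and read message digest X
// out of the recovered padded block, whose last 32 bytes are the SHA-256 digest
// the signer embedded. rsa.VerifyPKCS1v15 does this recovery plus full padding
// checks; it is spelled out here only to make the X/Y comparison visible.
func recoverDigestX(pub *rsa.PublicKey, sig []byte) []byte {
	s := new(big.Int).SetBytes(sig)
	em := s.Exp(s, big.NewInt(int64(pub.E)), pub.N).Bytes()
	if len(em) < sha256.Size {
		return nil
	}
	return em[len(em)-sha256.Size:]
}

// verifyDocument recomputes message digest Y from the received document and
// compares it with X; it is true only when the signature was made by the private
// key matching pub over exactly this document.
func verifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	y := sha256.Sum256(doc)
	if !bytes.Equal(recoverDigestX(pub, sig), y[:]) {
		return false // X != Y: altered document, or a public key that is not the signer's
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, y[:], sig) == nil // also validates the padding
}

// VerificationReport records the three outcomes the description distinguishes.
type VerificationReport struct {
	Genuine        bool // unmodified document, checked with the signer's public key
	TamperDetected bool // a document altered after signing is rejected
	WrongKey       bool // the signature is rejected under someone else's public key
}

// runScenario signs a constructed sample document and exercises the three checks;
// the impostor key plays party C from the description.
func runScenario() (VerificationReport, error) {
	var r VerificationReport
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	doc := []byte("Constructed sample: Party A agrees to pay Party B 100 units on 1 June.\n")
	sig, err := signDocument(signer, doc)
	if err != nil {
		return r, err
	}
	r.Genuine = verifyDocument(&signer.PublicKey, doc, sig)
	tampered := bytes.Replace(doc, []byte("100"), []byte("1000"), 1)
	r.TamperDetected = !verifyDocument(&signer.PublicKey, tampered, sig)
	r.WrongKey = !verifyDocument(&impostor.PublicKey, doc, sig)
	return r, nil
}

func main() {
	r, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Run with `go run`; all three report fields come out true. The remaining uncertainty the text names, whether `pub` really belongs to the sender, is exactly what this code cannot resolve: the wrong-key case is only detectable here because the recipient happens to hold the genuine key as well.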

The effectiveness of the digital signature, as well as 
other uses of public key cryptography, thus depends on 
the level of confidence as to the identity of the holder of 
the private key corresponding to a particular public key. 



Digital certificates are intended to provide a level of assurance as to the identity of the holder of the private key corresponding to a particular public key. The issuers of digital certificates are called certification authorities. A digital certificate constitutes a certification by a certification authority that a particular public key is the public key of a particular entity, and that this entity is the holder of the corresponding private key.

Certification authorities are often commercial enterprises that collect fees for issuing digital certificates. To obtain a digital certificate, an applicant submits an application for a digital certificate together with the applicant's public key and some form of identity verification to a certification authority. The certification authority reviews the application, and if the application meets the criteria established by the certification authority, issues a digital certificate to the applicant.

The digital certificate itself is an electronic document. Although a variety of formats exist, a digital certificate typically includes, among other items, the name of the certification authority, the name of the certificate holder, the expiration date of the certificate, the public key of the certificate holder, and the digital signature of the certification authority. The digital certificate constitutes a certification by the certification authority that the holder of the certificate is the owner of the public key specified in the certificate, and, by implication, is therefore the holder of the corresponding private key.

The authenticity of a digital certificate is tested by verifying the certification authority's digital signature using the certification authority's public key. The level of assurance provided by a digital certificate depends on a number of factors, including the reputation of the certification authority issuing the certificate, the thoroughness of the procedures used by the certification authority in issuing the certificate, and the level of confidence in the certification authority's public key. Some certification authorities issue different levels of certificates, corresponding to different levels of investigation performed by the certificate authority during evaluation of an application.

The authenticity of a digital signature depends largely on the authenticity of the public key used by a recipient to test the digital signature. A digital certificate may be used to help authenticate a digital signature by verifying the authenticity of the certificate holder's public key. The digital certificate may be appended to an electronic document, or the recipient of an electronic document may obtain a copy of the certificate from the issuing certification authority or other certificate repository.

One drawback of using digital certificates for authentication of a digital signature is that a party wishing to digitally sign an electronic document must have previously applied for and obtained a digital certificate. If a party does not have a digital certificate, its digital signature is questionable. A second drawback of prior art digital certificates is that certification authorities do not require an applicant to prove that the applicant has actual custody of the private key corresponding to the public key the applicant presents to the certification authority for certification at the time of application. Accordingly, the question remains as to the identity of the real holder of the private key corresponding to the public key identified in the digital certificate.

Accordingly, there remains a need for a means for verification of the authenticity of a digital signature in the absence of a digital certificate, and for verifying that a purported owner of a public key in fact has present custody of the corresponding private key at the time a digital signature is executed.

SUMMARY OF THE INVENTION 

The present invention consists of a method and apparatus for authenticating an electronic document. In one embodiment of the invention, a party wishing to digitally sign an electronic document (the "client") generates the document using appropriate software, such as, for example, a word processing program or a spreadsheet. The client, if not already in possession of a public-private key pair, generates a public-private key pair using cryptographic hardware and/or software. The client conveys the unsigned electronic document, and the client's public and private keys, to an authorized electronic document authenticator on storage media such as a floppy disk or by other electronic means. An authorized electronic document authenticator is an individual or enterprise that has access to the apparatus of the present invention or that has been authorized to use the method of the present invention. The client presents identity documents to the authenticator to verify the client's identity. Such identity documents may include picture identification documents such as a driver's license and a passport, and other identification documents. Depending upon the degree of identity verification required, the authenticator may also take fingerprint or retinal scans or other biometric readings of the client.

The client digitally signs the electronic document in the presence of the authenticator. In one embodiment, in which the cryptographic software used by the client is compatible with the cryptographic software available on a computer system of the authenticator, the client places the storage media containing the electronic document to be signed, and the public and private keys of the client, into an appropriate storage media reading device of the authenticator's computer. The client, while being observed by the authenticator, then proceeds to digitally sign the electronic document by giving appropriate commands to the authenticator's computer, using the client's private key contained (in pass phrase protected form) on the client's storage media. The software in the authenticator's computer creates the client's digital signature of the electronic document by deriving a message digest of the electronic document and encrypting the message digest with the private key supplied by the client.

The authenticator verifies the digital signature using the public key provided by the client by giving appropriate commands to the authenticator's computer. The software in the authenticator's computer decrypts the digital signature using the client's public key, obtaining message digest X. The authenticator software derives a second message digest Y for the electronic document, and compares message digest Y to message digest X. The two message digests X and Y will be identical only if the private key used by the client to create the digital signature and the public key used by the authenticator to decrypt the digital signature are a valid public-private key pair. The authenticator (1) verifies the identity of the client using the identification documents provided by the client and/or biometric measurements taken of the client; (2) witnesses the client digitally signing the electronic document using the client's private key; and (3) verifies that the public key supplied to the authenticator by the client corresponds to the private key used by the client to produce the digital signature. The authenticator then creates an "authenticator identification envelope" containing a certification of the above enumerated steps. In one embodiment of the invention, the authenticator also includes digitally recorded biometric data of the client in the authenticator identification envelope. The authenticator digitally signs the authenticator identification envelope and the electronic document, creating an authenticated electronic document. In one embodiment the authenticator gives appropriate commands to the authenticator's computer to store the authenticated electronic document on the storage media supplied by the client, and returns the storage media containing the authenticated electronic document to the client.
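An added example, in Go and not from the patent or from any PGP product, of the authenticator identification envelope and the double signature the summary describes: the authenticator refuses to attach a statement unless the client's signature verifies under the public key the client supplied, then signs the document, the client's signature and the envelope together, and a receiving party checks both signatures, using the client key the envelope certifies. SHA-256 with RSA PKCS#1 v1.5 is assumed for every signature, the JSON layout and all field and function names are the example's own, and the deed text and statement wording are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// authenticatorEnvelope certifies the three enumerated steps and carries the client
// public key that was checked, so a recipient verifies against the key the
// authenticator vouched for. Field names are assumptions, not from the description.
type authenticatorEnvelope struct {
	Statement         string         `json:"statement"`
	ClientPublicKey   *rsa.PublicKey `json:"client_public_key"`
	IdentityVerified  bool           `json:"identity_verified"`
	SigningWitnessed  bool           `json:"signing_witnessed"`
	SignatureVerified bool           `json:"signature_verified"`
}

// authenticatedDocument goes back onto the client's media: the client-signed
// document, the envelope, and the authenticator's signature over all three parts.
type authenticatedDocument struct {
	Content   []byte                `json:"content"`
	ClientSig []byte                `json:"client_sig"`
	Envelope  authenticatorEnvelope `json:"envelope"`
	AuthSig   []byte                `json:"authenticator_sig"`
}

func signDigest(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	d := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func verifyDigest(pub *rsa.PublicKey, data, sig []byte) bool {
	d := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// signingInput is the canonical encoding the authenticator signs (JSON map keys are
// emitted sorted); it binds content, client signature and envelope together.
func signingInput(ad *authenticatedDocument) []byte {
	b, _ := json.Marshal(map[string]interface{}{"content": ad.Content, "client_sig": ad.ClientSig, "envelope": ad.Envelope})
	return b
}

// authenticate is block 270, reached after the identity checks and the witnessed
// signing: the statement is attached only if the client's signature verifies under
// the supplied key (block 267); otherwise the client must re-sign (block 269).
func authenticate(auth *rsa.PrivateKey, clientPub *rsa.PublicKey, content, clientSig []byte) (*authenticatedDocument, error) {
	if !verifyDigest(clientPub, content, clientSig) {
		return nil, errors.New("client signature bad: client must re-sign")
	}
	ad := &authenticatedDocument{Content: content, ClientSig: clientSig, Envelope: authenticatorEnvelope{
		Statement:       "Constructed statement: the authenticator witnessed the client's digital signing of this document.",
		ClientPublicKey: clientPub, IdentityVerified: true, SigningWitnessed: true, SignatureVerified: true,
	}}
	var err error
	ad.AuthSig, err = signDigest(auth, signingInput(ad))
	return ad, err
}

// verifyAuthenticated is the receiving party's check: the authenticator's
// signature first, then the client's signature under the certified key.
func verifyAuthenticated(authPub *rsa.PublicKey, ad *authenticatedDocument) error {
	if !verifyDigest(authPub, signingInput(ad), ad.AuthSig) {
		return errors.New("authenticator signature does not verify")
	}
	if !verifyDigest(ad.Envelope.ClientPublicKey, ad.Content, ad.ClientSig) {
		return errors.New("client signature does not verify under the certified key")
	}
	return nil
}

// runFlow exercises the process on constructed data: the genuine authenticated
// document must verify, and one whose envelope was edited afterwards must not.
func runFlow() (genuineOK, editedRejected bool, err error) {
	client, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	auth, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	content := []byte("Constructed sample deed: client 100 conveys the parcel to receiving party 160.\n")
	clientSig, err := signDigest(client, content)
	if err != nil {
		return
	}
	ad, err := authenticate(auth, &client.PublicKey, content, clientSig)
	if err != nil {
		return
	}
	genuineOK = verifyAuthenticated(&auth.PublicKey, ad) == nil
	edited := *ad
	edited.Envelope.Statement = "edited after the authenticator signed"
	editedRejected = verifyAuthenticated(&auth.PublicKey, &edited) != nil
	return
}

func main() {
	fmt.Println(runFlow())
}
```

Because the authenticator's signature covers the client's signature and the certified public key as well as the content, a receiving party that trusts the authenticator's key no longer depends on a separately obtained certificate for the client: the envelope is what ties the client's key to an identity checked in person.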

In one embodiment, if the cryptographic software 
used by the client to produce its public-private key pair 
is not compatible with cryptographic software available 
on the authenticator's computer, the client brings with it 
to the authenticator either a copy of the cryptographic 
software used by the client, or a portable computer in 
which the cryptographic software used by the client has 
been installed. 

In one embodiment of the invention, the authentica- 
tor assists the client in the application process for 
obtaining a digital certificate from a certification author- 
ity. A party wishing to apply for a digital certificate from 
the certification authority fills out an application for a 
digital certificate in an appropriate electronic form. The 
authenticator authenticates the digital certificate appli- 
cation in the same manner used to authenticate other 
electronic documents. In this embodiment, instead of 
returning the authenticated application to the applicant, 
the authenticator may convey the authenticated applica- 
tion in electronic form to the certification authority. 
BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a schematic diagram of the topology of 
one embodiment of the present invention. 

Figure 2 is a block diagram of a process used to 
produce an authenticated electronic document in one 
embodiment of the present invention. 

Figure 3 is an illustration of a main menu from Via- 
Crypt PGP/Business Edition (TM) by ViaCrypt. 

Figure 4 is an illustration of an example electronic 
document. 

Figure 5 illustrates a dialog box requesting entry of 
a client's pass phrase for one embodiment of the 
present invention. 

Figure 6 illustrates the electronic document of Fig- 
ure 4 after a digital signature of a client has been 
attached in one embodiment of the present invention. 

Figure 7 illustrates an example of a dialog box used 
to indicate a good digital signature in one embodiment 
of the present invention. 

Figure 8 illustrates an example of a dialog box used 
to indicate a bad digital signature in one embodiment of 
the present invention. 

Figure 9 illustrates the document of Figure 6 after it 
has been authenticated according to one embodiment 
of the present invention. 

Figure 10 is a block diagram of a process used to 
produce an authenticated electronic document in one 
embodiment of the present invention. 

Figure 11 is a schematic diagram of an example of 
a computer system that may be used as a client compu- 
ter or an authenticator computer of the present inven- 
tion. 

DETAILED DESCRIPTION OF THE INVENTION 

A method and apparatus for authentication of elec- 
tronic documents is described. In the following descrip- 
tion, numerous specific details are set forth in order to 
provide a thorough description of the present invention. 
It will be apparent, however, to one skilled in the art, that 
the present invention may be practiced without these 
specific details. In other instances, well-known features 
have not been described in detail so as not to obscure 
the present invention. 

Figure 1 is a schematic diagram of the topology of 
one embodiment of the present invention. As shown in 
Figure 1, participants involved in this embodiment of the 
invention include an originating party or "client" 100 and 
an authenticator 130. Client 100 is the party that wishes 
to have its digital signature authenticated by authentica- 
tor 130. Authenticator 130 is an individual or enterprise 
that has access to the apparatus of the present inven- 
tion or that has been authorized to use the method of 
the present invention. In the embodiment of Figure 1, 
client 100 has a client computer 110, which may for 
example, be a personal computer running Microsoft 
Windows 95 (TM). Authenticator 130 has an authentica- 
tor computer 140, which may, for example, be a per- 
sonal computer running Microsoft Windows 95. Figure 
1 also shows a receiving party 160. Receiving party 
160 is an intended recipient of the electronic document 
to be signed by client 100. 

Figure 2 is a block diagram of the process used to 
produce an authenticated electronic document in one 
embodiment of the present invention. In the embodi- 
ment of Figure 2, the process begins with client 100 
generating a public-private key pair at block 200. The 
client may, for example, generate such a public-private 
key pair using cryptographic software, such as for 
example ViaCrypt PGP (TM) from ViaCrypt, running on 
client computer 110. Alternatively, if the client already 
has a public-private key pair, the process may start at 
block 210, at which client 100 generates the electronic 
document to be digitally signed according to the present 
invention. The electronic document to be signed may be 
a text file, a word processing file, a graphics file, a data 
base file, a spreadsheet file, or any other file containing 
digital data. Client 100 may generate the electronic doc- 
ument at block 210 using appropriate software running 
on client computer 110. Alternatively, instead of gener- 
ating the electronic document, client 100 may obtain the 
electronic document from another party, for example by 
downloading it from the Internet. 

After generating or otherwise obtaining the elec- 
tronic document to be signed at block 210, and editing 
the electronic document as necessary to place it in final 
form, client 100 stores the electronic document on 
transportable storage media such as floppy disk 120 
shown in Figure 1. Any other form of transportable stor- 
age media, including transportable hard disk drives 
(such as, for example, Jaz (TM) hard drives), magnetic 
tape cartridges, flash RAM cards, smart cards, chip 
cards, recordable CD-ROMs, or other transportable 
storage media may be used. Client 100 also copies the 
client's public and private keys to the same or another 
transportable storage media. Cryptographic programs 
such as ViaCrypt PGP (TM) do not allow a private key 
to be stored on storage media other than in encrypted 
form. Accordingly, the private key may be stored in 
encrypted form on the transportable media. 

At block 230, client 100 conveys the transportable 
media on which the electronic document and the public 
and private keys have been stored to authenticator 130. 
Alternatively, instead of storing the electronic document 
and/or the client's public and private keys on transport- 
able media and physically conveying the transportable 
media to authenticator 130, client 100 may transmit one 
or more of the electronic document and the public/pri- 
vate keys to authenticator 130 by electronic means, 
using, for example, a telephone line and a modem. 

At block 240, authenticator 130 inspects identifica- 
tion documents provided by client 100 to verify the cli- 
ent's identity. Such documents may include photo 
identification documents such as passports and driver's 
licenses, as well as other identification documents. In 
addition, or as an alternative, the authenticator may take 
biometric readings of client 100 at block 250. For exam- 
ple, the authenticator may digitally record the client's fin- 
gerprints, may take a digital voice print of the client, may 
take a retinal scan, or take some other form of biometric 
reading. 

At block 260, client 100 digitally signs the electronic 
document in the presence of authenticator 130. In this 
embodiment, client 100 uses equipment of the authenti- 
cator, for example the authenticator's computer system, 
to produce the client's digital signature. To do so, the 
transportable media supplied by client 100, containing 
the electronic document to be signed and the public and 
private keys of client 100, is made accessible to the 
authenticator computer. If, for example, the transporta- 
ble media consists of a floppy disk, the floppy disk is 
inserted in a floppy disk drive attached to the authenti- 
cator computer. Client 100 then uses encryption soft- 
ware on the authenticator computer to produce a digital 
signature and attach it to the electronic document. In 
one embodiment of the invention, the encryption soft- 
ware on the authenticator computer includes ViaCrypt 
PGP/Business Edition (TM) from ViaCrypt ("PGP/Busi- 
ness Edition"). Figure 3 is an illustration of a main menu 
300 from PGP/Business Edition. As shown in Figure 3, 
main menu 300 contains a "Sign" menu selection 310. 
In this embodiment, to digitally sign an electronic docu- 
ment, client 100 selects "Sign" menu selection 310 from 
main menu 300 of PGP/Business Edition. In embodi- 
ments using other encryption software, client 100 uses 
the commands appropriate to the particular encryption 
software used. 

In an embodiment using PGP/Business Edition, 
after client 100 selects "Sign" menu selection 310, a 
dialog box appears requesting selection of the file to be 
digitally signed. Client 100 selects the drive correspond- 
ing to the transportable media containing the electronic 
document to be signed, and selects the electronic doc- 
ument. An example electronic document 400 is shown 
in Figure 4. As shown in Figure 4, electronic document 
400 consists of several lines of text 410. 

After client 100 has selected the electronic docu- 
ment to be signed, PGP/Business Edition looks for a pri- 
vate "keyring" of private keys that are available. A 
private "keyring" is a file containing private keys in 
encrypted form. In this embodiment, the file on the cli- 
ent's transportable media containing client 100's private 
key constitutes such a private keyring. If the private key- 
ring found by the PGP/Business Edition contains sev- 
eral keys, PGP lists the user IDs of the available private 
keys and prompts client 100 to select the private key to 
be used. If the keyring only contains a single key, 
PGP/Business Edition assumes that this key is the one 
to be used to digitally sign the electronic document. 

In this embodiment, the client's private key is stored 
on transportable media in encrypted form. The encryp- 
tion method used is secret key encryption using a client 
selected "pass phrase" as the source for the secret key. 



To create a digital signature using the client's private 
key the private key must be decrypted. Accordingly, 
after the appropriate private key to be used to digitally 
sign the electronic document has been identified, 
PGP/Business Edition prompts client 100 for the pass 
phrase to be used to decrypt client 100's private key so 
that it can be used to produce the desired digital signa- 
ture. Figure 5 illustrates a dialog box 500 presented by 
PGP/Business Edition requesting entry of client 100's 
pass phrase. 

After client 100 enters the client's pass phrase for 
the client's private key, PGP/Business Edition decrypts 
the private key, generates a message digest of the elec- 
tronic document, encrypts the message digest with the 
client's private key, and attaches the resulting digital sig- 
nature to the electronic document. Figure 6 illustrates 
electronic document 400 of Figure 4 after the digital sig- 
nature of client 100 has been attached. As shown in Fig- 
ure 6, the digitally signed document 600 contains a 
beginning of signed message indicator 610, a copy 620 
of the original document 400, a beginning of digital sig- 
nature indicator 630, the digital signature 640, and an 
end of digital signature indicator 650. 
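The pass phrase protection of the private key on the transportable media, as an added Go example that is neither the patent's nor PGP's code: the private key is serialised and encrypted under a secret key derived from the client's pass phrase, and the signing software must decrypt it before it can sign. AES-256-GCM is assumed as the secret-key cipher and an iterated SHA-256 stretch stands in for a password KDF (both are assumptions made to stay within the standard library); the record layout, the function names and the pass phrase are constructed. With the right pass phrase the stored key is recovered intact; with a wrong one the authentication tag fails and no key is produced, which is the behaviour behind the prompt of Figure 5.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
)

const (
	saltLen  = 16
	nonceLen = 12
	rounds   = 200000 // assumed iteration count for the toy stretching below
)

// deriveKey turns the client's pass phrase into the secret key that protects the
// private key. Iterated SHA-256 over pass phrase and salt stands in for a real
// password KDF; that substitution is an assumption, not part of the description.
func deriveKey(passphrase string, salt []byte) []byte {
	k := sha256.Sum256(append([]byte(passphrase), salt...))
	for i := 0; i < rounds; i++ {
		k = sha256.Sum256(append(k[:], salt...))
	}
	return k[:]
}

// sealPrivateKey produces the keyring record written to the transportable media:
// salt || nonce || AES-256-GCM(serialised private key). The GCM tag is what lets
// a wrong pass phrase be reported instead of yielding a garbage key.
func sealPrivateKey(priv *rsa.PrivateKey, passphrase string) ([]byte, error) {
	record := make([]byte, saltLen+nonceLen)
	if _, err := io.ReadFull(rand.Reader, record); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveKey(passphrase, record[:saltLen]))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return append(record, gcm.Seal(nil, record[saltLen:], x509.MarshalPKCS1PrivateKey(priv), nil)...), nil
}

// openPrivateKey is what the signing software does after the pass phrase prompt
// (the dialog of Figure 5): recover the private key so that it can sign.
func openPrivateKey(record []byte, passphrase string) (*rsa.PrivateKey, error) {
	if len(record) < saltLen+nonceLen {
		return nil, errors.New("keyring record too short")
	}
	salt, nonce, ct := record[:saltLen], record[saltLen:saltLen+nonceLen], record[saltLen+nonceLen:]
	block, err := aes.NewCipher(deriveKey(passphrase, salt))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("bad pass phrase or corrupted keyring")
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// runKeyringDemo seals a freshly generated key under a constructed pass phrase and
// reports whether the right phrase recovers the same key and a wrong one is refused.
func runKeyringDemo() (recovered, wrongRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	const phrase = "correct horse battery staple" // constructed pass phrase
	record, err := sealPrivateKey(priv, phrase)
	if err != nil {
		return
	}
	got, err := openPrivateKey(record, phrase)
	if err != nil {
		return
	}
	recovered = got.Equal(priv)
	_, openErr := openPrivateKey(record, "wrong phrase")
	wrongRejected = openErr != nil
	return
}

func main() {
	fmt.Println(runKeyringDemo())
}
```

The record is only as strong as the pass phrase and the stretching applied to it: the private key travels on media the client hands to a third party, so the derived key, not the media, is what keeps it private until the client types the phrase at the authenticator's computer.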

Referring to Figure 2, after client 100 has com- 
pleted digitally signing the electronic document at block 
260, the authenticator verifies the client's digital signa- 
ture using cryptographic software on the authenticator 
computer and the client's public key as supplied by cli- 
ent 100. In one embodiment, in which the cryptographic 
software on the authenticator computer includes 
PGP/Business Edition, the authenticator initiates verifi- 
cation of the client's digital signature by selecting the 
"Verify Signature" menu option 320 from main menu 
300 shown in Figure 3 and selecting the electronic doc- 
ument for which the digital signature is to be verified 
from a file menu. PGP/Business Edition then searches 
for available public keys. When PGP/Business Edition 
finds the corresponding public key it uses it to test the 
digital signature. 

Once the proper key has been identified, the cryp- 
tographic software verifies the digital signature. The 
cryptographic software generates a message digest of 
the signed electronic document, obtains a second mes- 
sage digest by decrypting the digital signature using the 
client's public key, and compares the first and second 
message digests. If the two message digests are identi- 
cal, the software notifies the authenticator that the dig- 
ital signature is good. Figure 7 shows an example of a 
dialog box 700 used by PGP/Business Edition to indi- 
cate a good digital signature. If the two message digests 
are not identical, the software notifies the authenticator 
that the digital signature is not good. Figure 8 shows an 
example of a dialog box 800 used by PGP/Business 
Edition to indicate a bad digital signature. 

Referring to Figure 2, if the signature is found to be 
bad at block 267, the client re-signs the electronic doc- 
ument at block 269, and the verification process repeats 
at block 265. If the signature is found to be good at block 
267, the authenticator attaches an authenticator state- 
ment to the client-signed electronic document at block 
270. 

An authenticator statement is a statement the 
authenticator generates by which the authenticator 
attests to having witnessed the client's digital signing of 
the electronic document. The exact wording of the 
authenticator statement may vary from one embodi- 
ment to the other, may vary according to the client's 
requirements, and/or may be dictated by law of the juris- 
diction in which the authenticator is situated. In one 
embodiment of the invention, the authenticator state- 
ment is part of an "authenticator identification envelope" 
that is attached by the authenticator to an authenticated 
document. An authenticator identification envelope is a 
set of information that the authenticator attaches to the 
signed document. It includes the authenticator state- 
ment, and may include additional information. An 
authenticator statement may be in a human language or 
may be computer encoded. 

In the embodiment of Figure 2, after the authentica- 
tor attaches the authenticator statement to the signed 
electronic document at block 270, the authenticator 
optionally attaches a copy of biometric data for the client 
that was obtained by the authenticator at block 250. In 
one embodiment, the biometric data is made part of the 
authenticator identification envelope. 

At block 280, the authenticator digitally signs the 
electronic document, plus the client's digital signature, 
plus the information added by the authenticator. An 
example of a resulting, authenticated document is 
shown in Figure 9. 

Figure 9 illustrates the document of Figure 6 after it 
has been authenticated according to one embodiment 
of the present invention. In the embodiment of Figure 9, 
authenticated document 900 consists of three main sec- 
tions: client-signed document 600, authenticator identi- 
fication envelope 910, and authenticator signature 960. 

Client-signed document 600 consists of a copy of 
the original electronic document after it has been signed 
by the client, as also shown in Figure 6. 

Authenticator identification envelope 910 com- 
prises information added by the authenticator to the 
electronic document according to the present invention. 
In the embodiment of Figure 9, authenticator identifica- 
tion envelope 910 includes a beginning of authenticator 
identification envelope indicator 915, a beginning of 
authenticator statement indicator 920, an authenticator 
statement 925, an end of authenticator statement indi- 
cator 930, a beginning of biometric data indicator 935, 
biometric data 940, an end of biometric data indicator 
945, and an end of authenticator identification envelope 
indicator 950. 

Beginning of authenticator identification envelope 
indicator 915 is an indicator that identifies the beginning 
of authenticator identification envelope 910. In the 
embodiment of Figure 9, beginning of authenticator 
identification envelope indicator 915 consists of a text 
string. 

Beginning of authenticator statement indicator 920 
is an indicator that identifies the beginning of authenti- 
cator statement 925. In the embodiment of Figure 9, 
beginning of authenticator statement indicator 920 con- 
sists of a text string. 

Authenticator statement 925 consists of information 
added by the authenticator describing particulars of the 
digital signature witnessed by the authenticator. In the 
embodiment of Figure 9, authenticator statement 925 
includes a statement 921 indicating the identity of the 
authenticator, data 922 indicating the date, time and 
place at which the authenticator witnessed the digital 
signing of the electronic document, and a listing 923 of 
the materials examined by the authenticator to establish 
the identity of the client. In the embodiment of Figure 9, 
authenticator statement 925 also includes a statement 
924 indicating that the authenticator has taken biometric 
readings of the client, identifying the particular type of 
biometric reading taken, and indicating that resulting 
biometric data is appended to the electronic document. 

End of authenticator statement indicator 930 is an 
indicator that identifies the end of authenticator state- 
ment 925. In the embodiment of Figure 9, end of 
authenticator statement indicator 930 consists of a text 
string. 

Beginning of biometric data indicator 935 is an indi- 
cator that identifies the beginning of biometric data 940. 
In the embodiment of Figure 9, beginning of biometric 
data indicator 935 consists of a text string. 

Biometric data 940 consists of biometric data 
resulting from biometric readings made by the authenti- 
cator of the client. In Figure 9, the biometric data is rep- 
resented by several lines of digital 1's and 0's. The 
biometric data appended by an authenticator to a 
signed electronic document can take a variety of other 
forms. 

End of biometric data indicator 945 is an indicator 
that identifies the end of biometric data 940. In the 
embodiment of Figure 9, end of biometric data indicator 
945 consists of a text string. 

End of authenticator identification envelope indica- 
tor 950 is an indicator that identifies the end of authenti- 
cator identification envelope 910. In the embodiment of 
Figure 9, end of authenticator identification envelope 
indicator 950 consists of a text string. 

In the embodiment of Figure 9, the authenticator 
identification envelope includes an authenticator state- 
ment and biometric data. In other embodiments, more 
or less information may be included in the authenticator 
identification envelope. For example, the authenticator 
identification envelope may contain an identification 
level identifier that specifies the degree of scrutiny of the 
client's identity undertaken by the authenticator. The 
authenticator may also include a copy of the public key 
presented by the client, and/or a copy of a digital certifi- 
cate obtained by the client from a certification authority 
authenticating the public key of the client. The authenti- 
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cator may also include a copy of a digital certificate 
obtained by the authenticator from a certification 
authority authenticating the public key of the authentica- 
tor. In some embodiments, information supplied by the 
authenticator may be appended to an electronic docu- 5 
ment without using beginning and end of authenticator 
identification envelope indicators such as indicators 915 
and 950, respectively, to delineate a specific authentica- 
tor identification envelope. The term "authenticator 
identification envelope" as used herein refers to infor- 10 
mation added by an authenticator to a client-signed 
document, regardless of whether or not such informa- 
tion is labeled with the words "authenticator identifica- 
tion envelope" and regardless of whether or not 
indicators are used to identify bounds of such added 15 
information. 

In this embodiment authenticator digital signature 
960 includes a beginning of signed message indicator 
965, digital signature indicator 961, a version indicator 
962, an encrypted message digest 963, and an end of 
digital signature indicator 964. 

Beginning of signed message indicator 965 is an 
indicator that identifies the beginning of the component 
parts that are signed by the authenticator's digital sig- 
nature. 

Beginning of digital signature indicator 961 is an 
indicator that identifies the beginning of authenticator 
digital signature 960. In the embodiment of Figure 9, 
beginning of digital signature indicator 961 consists of a 
text string. 

Version indicator 962 indicates the version of the 
software program used to produce authenticator digital 
signature 960. 

Encrypted message digest 963 is a message digest 
of client-signed electronic document 600 and authenti- 
cator identification envelope 910 encrypted using the 
authenticator's public key. Encrypted message digest 
963 constitutes the authenticator digital signature of the 
client's document plus the authenticator identification 
envelope. 

End of digital signature indicator 964 is an indicator 
that identifies the end of authenticator digital signature 
960. In the embodiment of Figure 9, end of digital signa- 
ture indicator 964 consists of a text string. 
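A builder and parser for the Figure 9 layout (client-signed document 600, authenticator identification envelope 910, authenticator signature 960), as an added example rather than the patent's own format. The indicator strings are constructed placeholders, since the patent says only that each indicator consists of a text string; the `Version:` line format and SHA-256 are assumptions, and the signature value is carried as whatever the authenticator's software produces. The parser returns the exact bytes that encrypted message digest 963 must cover, which is the check a verifier needs before trusting the envelope.

```python
"""Builder and parser for the authenticated-document layout of Figure 9.

Added example, not the patent's own format. Indicator strings are
constructed placeholders; the numerals in comments are the patent's.
"""
import hashlib
from dataclasses import dataclass

# Constructed indicator strings (the patent says only "a text string").
BEGIN_ENVELOPE = "-----BEGIN AUTHENTICATOR IDENTIFICATION ENVELOPE-----"  # 915
BEGIN_STATEMENT = "-----BEGIN AUTHENTICATOR STATEMENT-----"               # 920
END_STATEMENT = "-----END AUTHENTICATOR STATEMENT-----"                   # 930
BEGIN_BIOMETRIC = "-----BEGIN BIOMETRIC DATA-----"                        # 935
END_BIOMETRIC = "-----END BIOMETRIC DATA-----"                            # 945
END_ENVELOPE = "-----END AUTHENTICATOR IDENTIFICATION ENVELOPE-----"      # 950
BEGIN_SIGNED = "-----BEGIN AUTHENTICATOR SIGNED MESSAGE-----"             # 965
BEGIN_SIGNATURE = "-----BEGIN AUTHENTICATOR SIGNATURE-----"               # 961
END_SIGNATURE = "-----END AUTHENTICATOR SIGNATURE-----"                   # 964


@dataclass
class AuthenticatedDocument:
    client_signed: str  # 600: the document as already signed by the client
    statement: str      # 925: authenticator statement
    biometric: str      # 940: biometric data, empty string when not appended
    version: str        # 962: version of the authenticator's signing software
    signature: str      # 963: value produced by the authenticator's software


def _between(lines, begin, end):
    """Lines strictly between the first `begin` and the next `end`."""
    start = lines.index(begin) + 1
    return lines[start:lines.index(end, start)]


def build(doc: AuthenticatedDocument) -> str:
    """Lay out 600, then envelope 910, then signature block 960."""
    envelope = [BEGIN_ENVELOPE, BEGIN_STATEMENT,
                *doc.statement.splitlines(), END_STATEMENT]
    if doc.biometric:
        envelope += [BEGIN_BIOMETRIC, *doc.biometric.splitlines(), END_BIOMETRIC]
    envelope.append(END_ENVELOPE)
    body = [BEGIN_SIGNED, *doc.client_signed.splitlines(), *envelope]
    sig = [BEGIN_SIGNATURE, f"Version: {doc.version}", doc.signature,
           END_SIGNATURE]
    return "\n".join(body + sig) + "\n"


def parse(text: str) -> tuple[AuthenticatedDocument, bytes]:
    """Split a document into its parts and also return the exact bytes the
    authenticator's signature covers (600 plus 910, nothing else)."""
    lines = text.splitlines()
    if not lines or lines[0] != BEGIN_SIGNED:
        raise ValueError("missing beginning of signed message indicator 965")
    signed = _between(lines, BEGIN_SIGNED, BEGIN_SIGNATURE)
    if BEGIN_ENVELOPE not in signed or signed[-1] != END_ENVELOPE:
        raise ValueError("envelope 910 missing or not closed before signature")
    env_start = signed.index(BEGIN_ENVELOPE)
    client_signed, envelope = signed[:env_start], signed[env_start:]
    statement = _between(envelope, BEGIN_STATEMENT, END_STATEMENT)
    biometric = (_between(envelope, BEGIN_BIOMETRIC, END_BIOMETRIC)
                 if BEGIN_BIOMETRIC in envelope else [])
    sig_block = _between(lines, BEGIN_SIGNATURE, END_SIGNATURE)
    version = sig_block[0].removeprefix("Version: ")
    doc = AuthenticatedDocument("\n".join(client_signed), "\n".join(statement),
                                "\n".join(biometric), version,
                                "\n".join(sig_block[1:]))
    return doc, ("\n".join(signed) + "\n").encode()


def signed_region_digest(text: str) -> str:
    """SHA-256 (an assumed choice; the patent names no hash) over the region
    the authenticator signs. Any edit to 600 or 910 changes this value."""
    _, region = parse(text)
    return hashlib.sha256(region).hexdigest()
```

Because the signed region stops at indicator 950, a change to the authenticator statement or to the biometric data is detected by the authenticator's signature just as a change to the client's document is, while a document missing its end-of-envelope indicator is rejected before any digest is computed.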

Referring to Figure 2, after signing the electronic 
document at block 280, the authenticator transfers the 
authenticated document (such as, for example, authen- 
ticated document 900 of Figure 9) to transportable 
media of the client at block 285, which may be the same 
transportable media on which the client brought the 
original electronic document to the authenticator, or 
may be another transportable media, such as, for exam- 
ple, floppy disk 170 of Figure 1. In addition, or as an 
alternative, to transferring the authenticated electronic 
document to transportable media, the authenticator 
may transmit the authenticated electronic document by 
electronic means (such as, for example, the Internet) to 
the office of the client or to some other recipient 160 at 
block 290. In one embodiment, the authenticator 
encrypts any such electronic document transmitted by 
electronic means using the public key of the recipient. 

At block 295, the authenticator records transaction 
data concerning the authentication transaction in a 
transaction log. Such transaction data may include, for 
example, the date and time of the authentication, the 
name of the client, forms of identification used for client 
verification, and a descriptive title of the electronic doc- 
ument authenticated. 

One example of an electronic document that an 
authenticator may transmit electronically to a recipient 
at block 290 is an application for a digital certificate. In 
one application of the present invention, the authentica- 
tor acts as an agent for a certification authority. A client 
wishing to obtain a digital certificate from the certifica- 
tion authority in this embodiment obtains an electronic 
version of the certification authority's application form 
(for example from the certification authority's Internet 
server) and fills in the requested information. The client 
brings the completed electronic application to the 
authenticator, digitally signs it in the presence of the 
authenticator, and the authenticator adds an authentica- 
tor identification envelope according to the present 
invention. In this application, the authenticator identifi- 
cation envelope may contain a specific form of authenti- 
cator statement as required by the certification 
authority. The authenticator digitally signs the applica- 
tion, encrypts the authenticated application with the cer- 
tification authority's public key, and transmits the 
encrypted application to the certification authority. 

In the embodiment of Figure 2, the public/private 
keys generated by the client and the client's encryption 
software are compatible with encryption software of the 
authenticator. Figure 10 is a block diagram of a process 
used to produce an authenticated electronic document 
according to the present invention in an embodiment in 
which the encryption software of the authenticator is not 
compatible with the client's public and private keys or 
encryption software. 

As shown in Figure 10, in this embodiment, the cli- 
ent generates a public/private key pair at block 1000 
and generates the electronic document to be authenti- 
cated at block 1005. The client takes a portable compu- 
ter containing the client's encryption software, the 
electronic document, and the client's public/private keys 
to the authenticator's place of business at block 1010. 
The authenticator inspects the client's identification 
documents at block 1015, and optionally takes biomet- 
ric readings of the client at block 1020. The client digit- 
ally signs the electronic document using the client's 
portable computer in the authenticator's presence at 
block 1025. 

The authenticator verifies the client's digital signa- 
ture using the client's encryption software and the cli- 
ent's public key at block 1030. 

If the authenticator determines that the signature is 
not valid, the client re-signs the electronic document at 
block 1040. The process then returns to block 1030. 

If the authenticator determines that the signature is 
valid, the authenticator transfers the client-signed docu- 
ment to an authenticator's computer at block 1045. The 
authenticator may transfer the electronic document by 
establishing an electronic connection between the client 
computer and the authenticator computer and transfer- 
ring the document electronically, or the authenticator 
may store the electronic document on transportable 
media and transfer the transportable media from the cli- 
ent computer to the authenticator computer. 

The authenticator uses the authenticator computer 
to attach an authenticator identification envelope of the 
present invention to the electronic document at block 
1050. The authenticator identification envelope may 
contain additional information, such as an authenticator 
statement indicating that the authenticator verified the 
client's digital signature using client-supplied computer 
and software. The authenticator digitally signs the elec- 
tronic document at block 1055. The authenticator trans- 
fers the authenticated document to the client's portable 
computer or transportable media at block 1060, and/or 
transmits the authenticated document to a recipient in 
electronic form at block 1065. The authenticator records 
pertinent transaction data in the authenticator's transac- 
tion log at block 1070. 

Figure 11 is a schematic diagram of a computer 
system that may be used as a client computer or an 
authenticator computer of the present invention. The 
computer system shown in Figure 11 includes a CPU 
unit 1100 that includes a central processor, main RAM 
memory 1105, peripheral interfaces, input-output 
devices, power supply, and associated circuitry and 
devices; a display device 1110 which may be a cathode 
ray tube display, LCD display, gas-plasma display, or 
any other computer display; an input device 1130, which 
may include a keyboard, mouse, digitizer, or other input 
device; non-volatile storage 1120, which may include 
magnetic, re-writable optical, or other mass storage 
devices; a transportable media drive 1125, which may 
include magnetic, re-writable optical, or other remova- 
ble, transportable media, and a printer 1150. The com- 
puter system may also include a network interface 
1140, which may include a modem, allowing the compu- 
ter system to communicate with other systems over a 
communications network such as the Internet. Any of a 
variety of other configurations of computer systems may 
also be used. In one embodiment, the authenticator 
computer comprises an Intel Pentium (tm) CPU and 
runs the Microsoft Windows 95 (tm) operating environ- 
ment. 

Thus, an improved method and apparatus for 
authentication of electronic documents has been 
described. Although the present invention has been 
described with respect to certain example embodi- 
ments, it will be apparent to those skilled in the art that 
the present invention is not limited to these specific 
embodiments. Further, although the operation of certain 
embodiments has been described in detail using spe- 
cific software programs and certain detailed process 
steps, different software may be used, and some of the 
steps may be omitted or other similar steps may be sub- 
stituted, without departing from the scope of the inven- 
tion. Other embodiments incorporating the inventive 
features of the present invention will be apparent to 
those skilled in the art. 

The features disclosed in the foregoing description, 
in the claims and/or in the accompanying drawings may, 
both separately and in any combination thereof, be 
material for realising the invention in diverse forms 
thereof. 

Claims 

1. An authenticated electronic document comprising: 

a first electronic document; 
a first digital signature of said first electronic 
document executed by an originating party; 
an identification envelope comprising a verify- 
ing statement of a verifying party comprising a 
statement of the verifying party indicating that 
said verifying party witnessed execution of said 
first digital signature by said originating party; 
a digital signature of said verifying party. 

2. The authenticated electronic document of claim 1 
wherein said identification envelope comprises bio- 
metric data of said originating party. 

3. The authenticated electronic document of claim 2 
wherein said biometric data comprises a digitized 
fingerprint of said originating party. 

4. The authenticated electronic document of claim 1 
wherein said identification envelope comprises a 
public key of said originating party. 

5. The authenticated electronic document of claim 1 
wherein said identification envelope comprises a 
digital certificate of said originating party. 

6. The authenticated electronic document of claim 1 
wherein said identification envelope comprises a 
digital certificate of said verifying party. 

7. The authenticated electronic document of claim 1 
further comprising indicators delineating said iden- 
tification envelope. 

8. The authenticated electronic document of claim 1 
wherein said identification envelope comprises 
information identifying materials used by said veri- 
fying party to verify the identity of said originating 
party. 
9. The authenticated electronic document of claim 1 
wherein said identification envelope is computer 
encoded. 

10. A transportable data storage device readable by a 
machine, said storage device comprising digital 
data representing an authenticated electronic docu- 
ment, said authenticated electronic document com- 
prising: 

a first electronic document; 
a first digital signature of said first electronic 
document executed by an originating party; 
an identification envelope comprising a verify- 
ing statement of a verifying party comprising a 
statement of the verifying party indicating that 
said verifying party witnessed execution of said 
first digital signature by said originating party; 
a digital signature of said verifying party. 

11. The transportable data storage device of claim 10 
wherein said identification envelope comprises bio- 
metric data of said originating party. 

12. The transportable data storage device of claim 11 
wherein said biometric data comprises a digitized 
fingerprint of said originating party. 

13. The transportable data storage device of claim 10 
wherein said identification envelope comprises a 
public key of said originating party. 

14. The transportable data storage device of claim 10 
wherein said identification envelope comprises a 
digital certificate of said originating party. 

15. The transportable data storage device of claim 10 
wherein said identification envelope comprises a 
digital certificate of said verifying party. 

16. The transportable data storage device of claim 10 
wherein said authenticated electronic document 
further comprises indicators delineating said identi- 
fication envelope. 

17. The transportable data storage device of claim 10 
wherein said identification envelope comprises 
information identifying materials used by said veri- 
fying party to verify the identity of said originating 
party. 

18. The transportable data storage device of claim 10 
wherein said identification envelope is computer 
encoded. 

19. A method for authenticating an electronic document 
comprising the steps of: 

generating a first digital signature of an origi- 
nating party for said electronic document; 
generating an identification envelope compris- 
ing a verifying statement for said electronic 
document, said verifying statement comprising 
a statement of a verifying party indicating that 
said verifying party witnessed execution of said 
first digital signature by said originating party; 
generating a second digital signature of said 
verifying party for said electronic document and 
for said identification envelope. 

20. The method of claim 19 further comprising the step 
of verifying said first digital signature prior to gener- 
ating said identification envelope for said electronic 
document. 

21. The method of claim 19 wherein said identification 
envelope comprises biometric data of said originat- 
ing party. 

22. The method of claim 21 wherein said biometric data 
comprises a digitized fingerprint of said originating 
party. 

23. The method of claim 19 wherein said identification 
envelope comprises a public key of said originating 
party. 

24. The method of claim 19 wherein said identification 
envelope comprises a digital certificate of said orig- 
inating party. 

25. The method of claim 19 wherein said identification 
envelope comprises a digital certificate of said veri- 
fying party. 

26. The method of claim 19 further comprising the step 
of appending indicators to said electronic document 
for delineating said identification envelope. 

27. The method of claim 19 wherein said identification 
envelope comprises information identifying materi- 
als used by said verifying party to verify the identity 
of said originating party. 

28. The method of claim 19 wherein said identification 
envelope is computer encoded. 

29. A program storage device readable by a machine, 
tangibly embodying a program of instructions exe- 
cutable by the machine to perform a method for 
authenticating an electronic document, said 
method comprising the steps of: 

generating a first digital signature of an origi- 
nating party for said electronic document; 
generating an identification envelope compris- 
ing a verifying statement for said electronic 
document, said verifying statement comprising 
a statement of a verifying party indicating that 
said verifying party witnessed execution of said 
first digital signature by said originating party; 
generating a second digital signature of said 
verifying party for said electronic document and 
for said identification envelope. 

30. The program storage device of claim 29 wherein 
said method further comprises the step of verifying 
said first digital signature prior to generating said 
identification envelope for said electronic docu- 
ment. 

31. The program storage device of claim 29 wherein 
said identification envelope comprises biometric 
data of said originating party. 

32. The program storage device of claim 29 wherein 
said biometric data comprises a digitized fingerprint 
of said originating party. 

33. The program storage device of claim 29 wherein 
said identification envelope comprises a public key 
of said originating party. 

34. The program storage device of claim 29 wherein 
said identification envelope comprises a digital 
certificate of said originating party. 

35. The program storage device of claim 29 wherein 
said identification envelope comprises a digital cer- 
tificate of said verifying party. 

36. The program storage device of claim 29 wherein 
said method further comprises the step of append- 
ing indicators to said electronic document for delin- 
eating said identification envelope. 

37. The program storage device of claim 29 wherein 
said identification envelope comprises information 
identifying materials used by said verifying party to 
verify the identity of said originating party. 

38. The program storage device of claim 29 wherein 
said identification envelope is computer encoded. 